This post by Dan Gillmor contains a remark about spammers using non-existent return addresses that reminded me of something I learned from experience. Big-ISP email addresses that consist of short letter combinations are subject to use as phony return addresses on spam messages. (They are also subject to receiving spam generated by bots that spam all addresses from “email@example.com” to “firstname.lastname@example.org”.) One of my email addresses is “xxx@bigISP.com”, where “xxx” is a meaningless three-letter combination that I invented for reasons that don’t matter here. I rarely send mail from this address, yet it receive lots of spam. And from time to time I receive waves of bounced messages in which my address appears in the “reply to” field — IOW, a spammer forged my email address in his messages, and now, out of the thousands of unsolicited messages that he sent, the ones to bad addresses or full mailboxes get bounced to me. I’m sure that many of us have had similar experiences. Maybe the way to minimize this sort of thing is to use one’s own domain for one’s main email address. There may also be some value in making sure that the part of one’s email address that’s on the left of the “@” sign isn’t too short.